Scam of the day – August 31, 2016 – Massive ATM heist

ATM robbery is increasing dramatically.  According to FICO Card Alert Service, a company that monitors ATM activity for banks, ATM skimming attacks increased by 546% from 2014 to 2015 and this trend shows no indication of slowing down in 2016.  Skimmers are small devices that can be attached to ATMs either on the outside or inside of the machine that capture the data from your card when you insert it into the ATM.  This problem is exacerbated by the fact that ATMs still are using the old-fashioned magnetic strip cards rather than being updated to take the newer EMV chip cards that create a new code for every transaction that would render the skimmer useless.   The trade regulations requiring the switch over to chip cards for ATMs  go into effect for ATM transactions using MasterCard debit cards  October 1, 2016, but Visa’s deadline is not until October 1, 2017.  The regulations themselves are not laws, but rather rules of the banks and credit card processors that shift liability for fraudulent card use to companies not switching over to the EMV card readers before the deadlines.  It has been estimated by the National ATM Council that less than half of ATMs will be EMV card ready by October 2016.

However, things aren’t as bad as you think.  They are far worse.

Enterprising criminals recently managed to hack 21 ATMs of the Government Savings Bank in Thailand stealing approximately $350,000.  What was significant about this particular hacking was that in this case, skimmers weren’t used in the attack on the ATMs and money was not stolen from individual account holders as in the recent 13 million dollar heist from Japanese ATMs located at convenience stores over a three hour period.  In this case, the hackers inserted a malware infected card into the ATMs that reprogrammed the ATMs to allow them to withdraw money from the ATMs directly without being allocated to any particular account.  Inserting malware through portable USB external hard drives into ATMs and reprogramming them to release cash to hackers is exposing vulnerabilities in the security of many ATMs.

TIPS

The banking industry has got to keep pace with the attacks by sophisticated criminals upon ATMs.  Switching to EMV chip cards will help significantly from the less sophisticated hackers using skimmers, but it won’t help against the more sophisticated hackers attacking ATMs by changing the machine’s programming.  Better security needs to be implemented to combat this threat immediately.

Meanwhile as for us as customers, the best you can do is to generally refrain from using private ATMs and ATMs  that are not embedded in walls.  The stand-alone ATMs are more vulnerable to a number of different types of hacking.  You should also feel around to see if anything is loose where you insert your card and for any evidence of tampering and use another machine if you find any indication that the ATM has been altered in anyway.  Also cover the keypad when you insert your PIN.  Finally, monitor the bank account to which your ATM card is attached regularly to recognize any fraudulent use as soon as possible to avoid personal liability if you delay in reporting fraudulent use of your card.